add FileDigest with default value SHA256 to config to mirror `Times…

…tampDigest`
electron-userland · Oct 24, 2024 · 507d083 · 507d083
1 parent 406e537
commit 507d083
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/packages/app-builder-lib/scheme.json b/packages/app-builder-lib/scheme.json
@@ -6111,6 +6111,11 @@
           "description": "The Trusted Signing Account endpoint. The URI value must have a URI that aligns to the\nregion your Trusted Signing Account and Certificate Profile you are specifying were created\nin during the setup of these resources.\n\nTranslates to field: Endpoint\n\nRequires one of environment variable configurations for authenticating to Microsoft Entra ID per [Microsoft's documentation](https://learn.microsoft.com/en-us/dotnet/api/azure.identity.environmentcredential?view=azure-dotnet#definition)",
           "type": "string"
         },
+        "fileDigest": {
+          "default": "SHA256",
+          "description": "The File Digest for signing each file. Translates to field: FileDigest",
+          "type": "string"
+        },
         "timestampDigest": {
           "default": "SHA256",
           "description": "The Timestamp Digest. Translates to field: TimestampDigest",

diff --git a/packages/app-builder-lib/src/codeSign/windowsSignAzureManager.ts b/packages/app-builder-lib/src/codeSign/windowsSignAzureManager.ts
@@ -79,16 +79,16 @@ export class WindowsSignAzureManager {
     const vm = await this.packager.vm.value
     const ps = await getPSCmd(vm)
 
-    const { endpoint, certificateProfileName, codeSigningAccountName, timestampRfc3161, timestampDigest, ...extraSigningArgs }: WindowsAzureSigningConfiguration =
+    const { endpoint, certificateProfileName, codeSigningAccountName, fileDigest, timestampRfc3161, timestampDigest, ...extraSigningArgs }: WindowsAzureSigningConfiguration =
       options.options.azureSignOptions!
     const params = {
-      FileDigest: "SHA256",
-      ...extraSigningArgs, // allows overriding FileDigest if provided in config
+      ...extraSigningArgs,
       Endpoint: endpoint,
       CertificateProfileName: certificateProfileName,
       CodeSigningAccountName: codeSigningAccountName,
       TimestampRfc3161: timestampRfc3161 || "http://timestamp.acs.microsoft.com",
       TimestampDigest: timestampDigest || "SHA256",
+      FileDigest: fileDigest || "SHA256",
       Files: `"${options.path}"`,
     }
     const paramsString = Object.entries(params)

diff --git a/packages/app-builder-lib/src/options/winOptions.ts b/packages/app-builder-lib/src/options/winOptions.ts
@@ -207,6 +207,11 @@ export interface WindowsAzureSigningConfiguration {
    * The Code Signing Signing Account name. Translates to field: CodeSigningAccountName
    */
   readonly codeSigningAccountName: string
+  /**
+   * The File Digest for signing each file. Translates to field: FileDigest
+   * @default SHA256
+   */
+  readonly fileDigest?: string
   /**
    * The Timestamp rfc3161 server. Translates to field: TimestampRfc3161
    * @default http://timestamp.acs.microsoft.com